cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Longson_Ho1
Nickel

How to configure Symmetric Return with using ISP Load Sharing

Dear, 

If my client has CP FW, two external interfaces, each connected to two ISP links (with public ip adderss A and B) and using ISP Load Sharing mode, and one interface connected to internal and protecting server.

For public to access the internal server, it will first resolve the domain name (assume having external DNS server to respond) to IP address A or B, ingress to check Point  FW, perform Dest-NAT to the internal server ip. 

How we can configure the FW so that the return traffic from the server will follow the same inbound interface (Symmetric Return) which the session created, and perform hide NAT using the same inbound interface?

Thank you!

Tags (1)
0 Kudos
2 Replies

Re: How to configure Symmetric Return with using ISP Load Sharing

sk25152 -- Header is for failures but it's basically what you need to use to hide outgoing connections from the server according to interface it's leaving.

--Juan

Longson_Ho1
Nickel

Re: How to configure Symmetric Return with using ISP Load Sharing

Hi Juan,

For my case, it is the return traffic of initially inbound traffic from public, not outgoing traffic.
It seems the KB did not mention the case for return traffic when it is leaving

0 Kudos